My Oracle Support Banner

SSH access on pri-utility-addr of a media interface on VM using Mellanox (MLX) NICs (Doc ID 2818890.1)

Last updated on NOVEMBER 02, 2021

Applies to:

Net-Net OS - Version S-Cz8.3.0 to S-Cz8.4.0 [Release S-Cz8.0]
Information in this document applies to any platform.


SSH is allowed on pri-utility-addr of a media interface, on a VM using specifically the Mellanox (MLX) NICs. If there is a switchover to other node in HA, then at the time, ssh on sec-utility-addr is allowed. Here, no ssh-address is set. This behavior is incorrect and of security concern.


This issue is observed specifically on VM using Redhat Openstack with Mellanox SRIOV setup. The issue was observed on cz830m1p8A.

Important to note that, there is no 'ssh-address' set for the 'network-interface'.


                 name                  M00
                 sub-port-id          123
                 description           Media Interface M00:123
                 ip-address            x.x.x.x
                 pri-utility-addr       x.x.x.a <<========= ssh is allowed on IP set as pri-utility-addr
                 sec-utility-addr     x.x.x.b
                 netmask               y.y.y.y
                 gateway               x.x.x.c
                 hip-ip-list               x.x.x.x
                 icmp-address        x.x.x.x
                 ssh-address                    <<========= No ssh address is set


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.